Open Source and information security mailing list archives
 
Date:   Mon, 17 Feb 2020 16:24:41 +0100
From:   Hanno Zulla <abos@...no.de>
To:     Jiri Kosina <jikos@...nel.org>,
        Benjamin Tissoires <benjamin.tissoires@...hat.com>,
        linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 0/3] HID: hid-bigbenff: fixing three crash bugs in a gamepad
 driver

Hi there,

the hid-bigbenff.c had three bugs causing possible kernel crashes.

The first patch fixes a double free during device removal, which was 
caused by a wrong use of input_ff_create_memless(). The 
"driver-specific data to be passed into play_effect" parameter of 
input_ff_create_memless() would later be freed automatically when the ff 
device is removed. Since the driver also uses the managed resource API, 
it would automatically free the memory of this parameter twice, causing 
a general protection fault moments later.

The second patch fixes the error path after hid_hw_start(), as a call 
to hid_hw_stop() is required in case of an error.

The second patch also removes the hid_hw_close() call during device 
removal, as several other hid device drivers don't call this routine, 
either.

The third patch adds a flag to avoid a race condition when there is 
still scheduled work left (or newly being scheduled) during or after 
device removal, which could cause a kernel crash.

Thanks in advance for your review & kind regards,

Hanno
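
The double release described for the first patch, as an added user-space model that is not part of the original post or the driver's code. All names are hypothetical stand-ins rather than kernel API, and not handing the data pointer to the ff layer is shown only as one way to leave a single owner, which is an assumption and not the patch's stated fix.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed user-space model; all names are hypothetical, none are kernel API. */
struct managed { void *ptr; int releases; };  /* one managed allocation + release count */
struct ff_dev  { void *private_data; };       /* stands in for the memless ff device */

/* Managed allocation: the device's resource list owns it and frees it on removal. */
static void *managed_alloc(struct managed *m, size_t size)
{
    m->ptr = malloc(size);
    m->releases = 0;
    return m->ptr;
}

/* ff teardown releases the data pointer it was handed; NULL is a no-op. */
static void ff_destroy(struct managed *m, const struct ff_dev *ff)
{
    if (ff->private_data && ff->private_data == m->ptr)
        m->releases++;        /* recorded only, so the model itself never crashes */
}

/* Managed-resource teardown releases the allocation it owns. */
static void managed_release(struct managed *m)
{
    m->releases++;
    free(m->ptr);             /* the single real free() */
}

/* Returns how many owners released the driver data during device removal. */
static int simulate_remove(int hand_data_to_ff)
{
    struct managed m;
    void *drvdata = managed_alloc(&m, 64);
    struct ff_dev ff = { .private_data = hand_data_to_ff ? drvdata : NULL };

    ff_destroy(&m, &ff);
    managed_release(&m);
    return m.releases;
}

int main(void)
{
    printf("data handed to ff layer: %d releases\n", simulate_remove(1));
    printf("no data handed over:     %d releases\n", simulate_remove(0));
    return 0;
}
```

A release count above one for the same pointer is the condition the message describes as ending in a general protection fault.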
